W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2018

Transfer-Encoding and XSS

From: Ricardo Iramar dos Santos <riramar@gmail.com>
Date: Mon, 17 Sep 2018 13:16:26 -0300
Message-ID: <CAE5Wca3qLymXy68d-BHu5GNABoQKx6qGw6R5Bw+4umeXLVHXQA@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
Hi All,

I know Transfer-Encoding request header per specification (xmlhttprequest
and fetch) cannot be defined by the user so I'm trying to check when the
browsers use it. I've already google it but I couldn't find something
really clear.
What I'm trying to achieve is check if it's possible to an attacker exploit
a XSS using a cross domain request take advantage of this PHP issue
https://bugs.php.net/bug.php?id=76582. Basically what happens is if a
Apache+PHP server receive a POST request with "Transfer-Encoding: chunked"
header the request body is reflected on the response body.

Ricardo Iramar
Received on Monday, 17 September 2018 16:17:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:04 UTC